Add IKmsProvider wrappers for Azure and GSC providers (#1460)

Author: sanych-sun

src/MongoDB.Driver/Authentication/External/AzureAuthenticationCredentialsProvider.cs

@@ -39,8 +39,6 @@ public AzureCredentials(string accessToken, DateTime? expiration)
         public string AccessToken => _accessToken;
         public DateTime? Expiration => _expiration;
         public bool ShouldBeRefreshed => _expiration.HasValue ? (_expiration.Value - DateTime.UtcNow) < __overlapWhereExpired : true;
-
-        public BsonDocument GetKmsCredentials() => new BsonDocument("accessToken", _accessToken);
     }
 
     internal sealed class AzureAuthenticationCredentialsProvider : IExternalAuthenticationCredentialsProvider<AzureCredentials>

src/MongoDB.Driver/Authentication/External/GcpAuthenticationCredentialsProvider.cs

@@ -33,8 +33,6 @@ internal sealed class GcpCredentials : IExternalCredentials
         public DateTime? Expiration => null;
 
         public bool ShouldBeRefreshed => true;
-
-        public BsonDocument GetKmsCredentials() => new BsonDocument("accessToken", _accessToken);
     }
 
     internal sealed class GcpAuthenticationCredentialsProvider : IExternalAuthenticationCredentialsProvider<GcpCredentials>

src/MongoDB.Driver/Authentication/External/IExternalCredentials.cs

@@ -14,14 +14,12 @@
 */
 
 using System;
-using MongoDB.Bson;
 
 namespace MongoDB.Driver.Authentication.External
 {
     internal interface IExternalCredentials
     {
         DateTime? Expiration { get; }
         bool ShouldBeRefreshed { get; }
-        BsonDocument GetKmsCredentials();
     }
 }

src/MongoDB.Driver/Encryption/AzureKmsProvider.cs

@@ -0,0 +1,35 @@
+/* Copyright 2010-present MongoDB Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+using System.Threading;
+using System.Threading.Tasks;
+using MongoDB.Bson;
+using MongoDB.Driver.Authentication.External;
+
+namespace MongoDB.Driver.Encryption
+{
+    internal sealed class AzureKmsProvider : IKmsProvider
+    {
+        public const string ProviderName = "azure";
+
+        public static readonly IKmsProvider Instance = new AzureKmsProvider();
+
+        public async Task<BsonDocument> GetKmsCredentialsAsync(CancellationToken cancellationToken)
+        {
+            var credentials = await ExternalCredentialsAuthenticators.Instance.Azure.CreateCredentialsFromExternalSourceAsync(cancellationToken).ConfigureAwait(false);
+            return new BsonDocument("accessToken", credentials.AccessToken);
+        }
+    }
+}

src/MongoDB.Driver/Encryption/GcpKmsProvider.cs

@@ -0,0 +1,35 @@
+/* Copyright 2010-present MongoDB Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+using System.Threading;
+using System.Threading.Tasks;
+using MongoDB.Bson;
+using MongoDB.Driver.Authentication.External;
+
+namespace MongoDB.Driver.Encryption
+{
+    internal sealed class GcpKmsProvider : IKmsProvider
+    {
+        public const string ProviderName = "gcp";
+
+        public static readonly IKmsProvider Instance = new GcpKmsProvider();
+
+        public async Task<BsonDocument> GetKmsCredentialsAsync(CancellationToken cancellationToken)
+        {
+            var credentials = await ExternalCredentialsAuthenticators.Instance.Gcp.CreateCredentialsFromExternalSourceAsync(cancellationToken).ConfigureAwait(false);
+            return new BsonDocument("accessToken", credentials.AccessToken);
+        }
+    }
+}

src/MongoDB.Driver/Encryption/KmsProviderRegistry.cs

@@ -27,7 +27,15 @@ public sealed class KmsProviderRegistry
         /// <summary>
         /// Kms Provider Registry Instance.
         /// </summary>
-        public static readonly KmsProviderRegistry Instance = new KmsProviderRegistry();
+        public static readonly KmsProviderRegistry Instance = CreateDefaultInstance();
+
+        private static KmsProviderRegistry CreateDefaultInstance()
+        {
+            var registry =  new KmsProviderRegistry();
+            registry.Register(GcpKmsProvider.ProviderName, () => GcpKmsProvider.Instance);
+            registry.Register(AzureKmsProvider.ProviderName, () => AzureKmsProvider.Instance);
+            return registry;
+        }
 
         private readonly ConcurrentDictionary<string, Func<IKmsProvider>> _registry = new();
 
@@ -51,7 +59,13 @@ public void Register(string kmsProviderName, Func<IKmsProvider> factory)
             }
         }
 
-        internal bool TryCreate(string providerName, out IKmsProvider provider)
+        /// <summary>
+        /// Creates KMS provider if possible.
+        /// </summary>
+        /// <param name="providerName">The requested provider name.</param>
+        /// <param name="provider">When this method succeeds contains the created provider, otherwise <value>null</value>.</param>
+        /// <returns><value>true</value> if the requested provider was created, otherwise <value>false</value>.</returns>
+        public bool TryCreate(string providerName, out IKmsProvider provider)
         {
             Ensure.IsNotNullOrEmpty(providerName, nameof(providerName));
 

src/MongoDB.Driver/Encryption/LibMongoCryptControllerBase.cs

@@ -24,7 +24,6 @@
 using System.Threading.Tasks;
 using MongoDB.Bson;
 using MongoDB.Bson.IO;
-using MongoDB.Driver.Authentication.External;
 using MongoDB.Driver.Core.Configuration;
 using MongoDB.Driver.Core.Connections;
 using MongoDB.Driver.Core.Misc;
@@ -246,19 +245,7 @@ private async Task ProcessNeedKmsCredentialsAsync(CryptContext context, Cancella
             var newCredentialsList = new List<BsonElement>();
             foreach (var kmsProvider in _kmsProviders.Where(k => k.Value.Count == 0))
             {
-                // TODO: Refactor all KMS providers to use Registry instead of the hardcoded switch.
-                IExternalCredentials credentialsBody = kmsProvider.Key switch
-                {
-                    "azure" => await ExternalCredentialsAuthenticators.Instance.Azure.CreateCredentialsFromExternalSourceAsync(cancellationToken).ConfigureAwait(false),
-                    "gcp" => await ExternalCredentialsAuthenticators.Instance.Gcp.CreateCredentialsFromExternalSourceAsync(cancellationToken).ConfigureAwait(false),
-                    _ => null,
-                };
-
-                if (credentialsBody != null)
-                {
-                    newCredentialsList.Add(new BsonElement(kmsProvider.Key, credentialsBody.GetKmsCredentials()));
-                }
-                else if (KmsProviderRegistry.Instance.TryCreate(kmsProvider.Key, out var provider))
+                if (KmsProviderRegistry.Instance.TryCreate(kmsProvider.Key, out var provider))
                 {
                     var credentials = await provider.GetKmsCredentialsAsync(cancellationToken).ConfigureAwait(false);
                     newCredentialsList.Add(new BsonElement(kmsProvider.Key, credentials));